Solved: Extract values from all matches in regex

pbarford · ‎10-09-2013

I have a line in my log like this

013-09-30 23:55:32,954 [pool-13-thread-18655] INFO c.p.d.r.c.release.MessageReleaser Expiry triggered for [1904614]: L[769] R[770] R[771] R[772] R[773] L[774] R[775] L[776] R[777]

If I run this

sourcetype="log4j" | search "Expiry" | rex "(?L[[0-9]{1,45}])"

it only gives me the first value "L[769]", I want to extract values for all matches. Have search through the forum and haven't found anything to help, any ideas?

gfuente · ‎10-09-2013

Hello

try this:

sourcetype="log4j" | search "Expiry" | rex max_match=10 "(?<seqno>L[[0-9]{1,45}])"

Regards

View solution in original post

gfuente · ‎10-09-2013

Hello

try this:

sourcetype="log4j" | search "Expiry" | rex max_match=10 "(?<seqno>L[[0-9]{1,45}])"

Regards

alacercogitatus · ‎10-09-2013

But you are missing the R values. Do this regex: (?<seqno>[LR]\[[\d]+\])

pbarford · ‎10-09-2013

wow thanks for the quick answer, worked

Extract values from all matches in regex

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

Extract values from all matches in regex

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits